cgroups kernel memory controller


One Line Summary

Kernel memory accounting (kmemcg): status, why important, why and how to use


Containers need resource management and limiting. One of such resources that was overlooked until before recently is kernel memory.

On almost all operations involving interactions with the kernel, it implicitly allocates some memory, that needs to be accounted and controlled. This is something that was present in OpenVZ kernel for more than 10 years (kmemsize user beancounter), but was only recently merged upstream by Virtuozzo engineers, in the form of kmem cgroup controller.

The topic discusses the current status of kmem controller (what is done and what is still missing), why it’s important to use it (including what sorts of attacks can be prevented) and how to use it properly and effectively from the userspace container management tools such as Docker, LXC, CoreOS etc.


kernel, memory, resource management, cgroups


  • Biography

    Pavel Emelyanov is a core Virtuozzo and OpenVZ kernel developer working in the project for the last six years. He’s currently the kernel team leader at Parallels and manages the development of all the kernel features for OpenVZ and Parallels Virtuozzo Containers. Pavel is also a prolific mainstream kernel contributor. He holds a PhD degree in Applied Mathematics from the Moscow Institute of Physics and Technology.

  • Kir Kolyshkin

    OpenVZ / CRIU / Odin / Parallels


    Developing free software on Linux since 1998. Working on Linux Containers since 2002. Leading the OpenVZ project since 2005.